{"id":"https://openalex.org/W4387298379","doi":"https://doi.org/10.1145/3607199.3607244","title":"Why Johnny Can\u2019t Use Secure Docker Images: Investigating the Usability Challenges in Using Docker Image Vulnerability Scanners through Heuristic Evaluation","display_name":"Why Johnny Can\u2019t Use Secure Docker Images: Investigating the Usability Challenges in Using Docker Image Vulnerability Scanners through Heuristic Evaluation","publication_year":2023,"publication_date":"2023-10-03","ids":{"openalex":"https://openalex.org/W4387298379","doi":"https://doi.org/10.1145/3607199.3607244"},"language":"en","primary_location":{"id":"doi:10.1145/3607199.3607244","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607244","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100412353","display_name":"Taeyoung Kim","orcid":"https://orcid.org/0000-0001-7505-7931"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"Taeyoung Kim","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Sungkyunkwan University, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0001-7505-7931","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Sungkyunkwan University, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005193297","display_name":"Seonhye Park","orcid":"https://orcid.org/0009-0000-9849-9599"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Seonhye Park","raw_affiliation_strings":["Department of Computer Science and Engineering, Sungkyunkwan University, Republic of Korea"],"raw_orcid":"https://orcid.org/0009-0000-9849-9599","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Sungkyunkwan University, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5016563574","display_name":"Hyoungshick Kim","orcid":"https://orcid.org/0000-0002-1605-3866"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Hyoungshick Kim","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Sungkyunkwan University, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0002-1605-3866","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Sungkyunkwan University, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5100412353"],"corresponding_institution_ids":["https://openalex.org/I848706"],"apc_list":null,"apc_paid":null,"fwci":0.5112,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.71957334,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"669","last_page":"685"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9943000078201294,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.9941999912261963,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.9255564212799072},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7638940811157227},{"id":"https://openalex.org/keywords/heuristic-evaluation","display_name":"Heuristic evaluation","score":0.6713085174560547},{"id":"https://openalex.org/keywords/heuristics","display_name":"Heuristics","score":0.6268797516822815},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6145684123039246},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5981606841087341},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5380584001541138},{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.5275508761405945},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.5163987278938293},{"id":"https://openalex.org/keywords/usability-inspection","display_name":"Usability inspection","score":0.454546183347702},{"id":"https://openalex.org/keywords/cognitive-walkthrough","display_name":"Cognitive walkthrough","score":0.4459187686443329},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4303261935710907},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.36127012968063354},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.33457547426223755},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.2246522307395935},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1569850742816925},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.13706928491592407}],"concepts":[{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.9255564212799072},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7638940811157227},{"id":"https://openalex.org/C3255780","wikidata":"https://www.wikidata.org/wiki/Q1616517","display_name":"Heuristic evaluation","level":3,"score":0.6713085174560547},{"id":"https://openalex.org/C127705205","wikidata":"https://www.wikidata.org/wiki/Q5748245","display_name":"Heuristics","level":2,"score":0.6268797516822815},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6145684123039246},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5981606841087341},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5380584001541138},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.5275508761405945},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.5163987278938293},{"id":"https://openalex.org/C23456302","wikidata":"https://www.wikidata.org/wiki/Q7901668","display_name":"Usability inspection","level":4,"score":0.454546183347702},{"id":"https://openalex.org/C87105883","wikidata":"https://www.wikidata.org/wiki/Q1107002","display_name":"Cognitive walkthrough","level":4,"score":0.4459187686443329},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4303261935710907},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.36127012968063354},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.33457547426223755},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.2246522307395935},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1569850742816925},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.13706928491592407},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3607199.3607244","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607244","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W1107314557","https://openalex.org/W2004067246","https://openalex.org/W2075952229","https://openalex.org/W2109428365","https://openalex.org/W2115072199","https://openalex.org/W2123051583","https://openalex.org/W2130758759","https://openalex.org/W2158297335","https://openalex.org/W2159613309","https://openalex.org/W2160510495","https://openalex.org/W2162598207","https://openalex.org/W2296335794","https://openalex.org/W2598200822","https://openalex.org/W2940588539","https://openalex.org/W2968031544","https://openalex.org/W3012308217","https://openalex.org/W3016236525","https://openalex.org/W3034155019","https://openalex.org/W3037099619","https://openalex.org/W3084754580","https://openalex.org/W3118815308","https://openalex.org/W3160144036","https://openalex.org/W3160962759","https://openalex.org/W3215744177","https://openalex.org/W4233410239","https://openalex.org/W4285490437","https://openalex.org/W4293280227"],"related_works":["https://openalex.org/W147331940","https://openalex.org/W2187859254","https://openalex.org/W2155602934","https://openalex.org/W2587266006","https://openalex.org/W2150599767","https://openalex.org/W2016022053","https://openalex.org/W2085749886","https://openalex.org/W2485414097","https://openalex.org/W2772000347","https://openalex.org/W2238167322"],"abstract_inverted_index":{"This":[0],"paper":[1],"explores":[2],"the":[3,16,57,70,104,111,121,143],"usability":[4,71,101,144],"of":[5,18,72,145],"Docker":[6,14,34,63,158],"Image":[7],"Vulnerability":[8],"Scanners":[9],"(DIVSes)":[10],"through":[11],"heuristic":[12],"evaluations.":[13],"simplifies":[15],"process":[17],"software":[19,58],"development,":[20],"distribution,":[21],"deployment,":[22],"and":[23,52,60,86,95,138,154],"execution":[24,29],"by":[25],"providing":[26],"a":[27],"container-based":[28],"environment.":[30],"However,":[31],"vulnerabilities":[32,55,156],"in":[33,48,56,157],"images":[35],"can":[36],"pose":[37],"security":[38],"risks":[39,122],"to":[40,89,119,152],"containers.":[41],"To":[42,77],"mitigate":[43],"this,":[44],"DIVSes":[45,73,92,113],"are":[46],"crucial":[47],"helping":[49],"developers":[50,151],"identify":[51,153],"address":[53,78,155],"these":[54],"packages":[59],"libraries":[61],"within":[62,103],"images.":[64,159],"Despite":[65],"their":[66],"importance,":[67],"research":[68],"on":[69],"has":[74],"been":[75],"limited.":[76],"this":[79],"gap,":[80],"we":[81],"developed":[82],"11":[83],"customized":[84],"heuristics":[85],"applied":[87],"them":[88],"three":[90],"widely-used":[91],"(Grype,":[93],"Trivy,":[94],"Snyk).":[96],"Our":[97,107,133],"evaluations":[98],"revealed":[99],"239":[100],"issues":[102],"tools":[105],"evaluated.":[106],"findings":[108],"highlight":[109],"that":[110],"evaluated":[112],"do":[114],"not":[115],"provide":[116],"sufficient":[117],"information":[118],"comprehend":[120],"associated":[123],"with":[124],"identified":[125],"vulnerabilities,":[126],"prioritize":[127],"them,":[128],"or":[129],"effectively":[130],"fix":[131],"them.":[132],"study":[134],"offers":[135],"valuable":[136],"insights":[137],"practical":[139],"recommendations":[140],"for":[141,150],"enhancing":[142],"DIVSes,":[146],"making":[147],"it":[148],"easier":[149]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}